Forum Discussion

AlsDevC's avatar
AlsDevC
Icon for Altocumulus rankAltocumulus
May 03, 2023

Handle False Positive for files upload

Hi folks,  I'm wondering how to handle uploading files through XC. For example, I have a URL used for uploading files to a web application, say /upload. The files appear to be scanned by XC which d...
  • Sudhir_Patamsetti's avatar
    Sudhir_Patamsetti
    May 03, 2023

    Yes, the reocmmendation is to leave it "enabled" ( the feature is enabled in the default policy ).

    Regarding the comment "lowered the level of protection against SQL Injection type attacks" , could you please open a support ticket with the details ? We will review and make improvements as needed to the model

AlsDevC's avatar
AlsDevC
Icon for Altocumulus rankAltocumulus
May 03, 2023

I disabled "automatic attack signatures tuning" because we noticed that it lowered the level of protection against SQL Injection type attacks.
Am I to understand that this is not a good practice and that it is advisable to leave it enabled to limit the number of false positives?

  • Sudhir_Patamsetti's avatar
    Sudhir_Patamsetti
    Icon for Employee rankEmployee
    May 03, 2023

    Yes, the reocmmendation is to leave it "enabled" ( the feature is enabled in the default policy ).

    Regarding the comment "lowered the level of protection against SQL Injection type attacks" , could you please open a support ticket with the details ? We will review and make improvements as needed to the model